Affiliate Disclosure: By buying the products we recommend, you help keep the lights on at MakeUseOf. Read more.
iCloud has been the victim of a few hacks and attacks in recent memory, including the massive leak of celebrity photos in 2014. Apple has done its best to make the service as safe as possible by providing a number of challenges and levels of encryption for attackers to get through, and it’s actually quite secure.
But that doesn’t mean you shouldn’t take steps to make sure that no one gets access to your iCloud information. Even if you don’t keep important files in there, your iCloud Keychain could contain valuable passwords that someone could misuse if they got a hold of them.
Here’s what you need to do to make sure your iCloud account is as secure as possible.
1. Use a Better Password
You’re probably tired of hearing this by now, but a strong password is your best defense against nefarious characters getting access to your accounts. If you’re using your kids’ names, your birthday, or “password” to protect your accounts, you need to change your passwords now.
We have a nearly infinite selection of resources you can use: tips for creating an unbreakable password, how to come up with strong passwords that match your personality, and an explanation of how to use LastPass’s security challenge to master your passwords. Use these tips and a good password manager to make sure your iCloud password isn’t a liability.
Just do it.
2. Enable Two-Factor Authentication
More services allow two-factor authentication (2FA) all the time, and iCloud gives you this option as well. Apple uses its own 2FA method instead of a more popular one like Google Authenticator or Authy, and you’ll need to either have a phone you can receive texts on or another Apple device to activate it.
Once you’ve enabled 2FA, you’ll only be able to access your iCloud account from trusted devices, and when you try to sign on from a device for the first time, you’ll need to enter a code that’s displayed on another of your trusted devices. Even if someone knows your password, they won’t be able to log in unless they also have another of your devices.
To get started, open Settings > iCloud on your iPhone or iPad, and tap your Apple ID at the top of the screen. Tap Password & Security, then hit Turn on Two-Factor Authentication.
You can also activate it from your computer by going to System Preferences > iCloud > Account Details > Security. Hit Turn on Two-Factor Authentication and follow the instructions.
3. Change Your iCloud Security Code
Every iCloud user’s Keychain is doubly encrypted and doubly protected. In addition to providing your password, you also need to use the Keychain security code. This is a four- or six-digit code that’s different from the code you use to unlock your iOS device.
But a four- or six-digit code isn’t all that secure, and could conceivably be cracked without a huge amount of effort (though after a certain number of unsuccessful attempts, your data is moved and further secured until you provide additional information). Instead of one of these codes, you can have Apple generate a random one that’s more secure.
To do this from your Mac, go to System Preferences > iCloud > Keychain Options > Change Security Code. Hit Advanced and you’ll have the option to create a complex code, generate a random one, or not use a code, in which case you’ll need to approve access from another of your devices. The random code is plenty secure, so hit Next and receive your code.
Here’s the important part: don’t lose this code. Apple doesn’t have this one, so if you lose it, you’re in serious trouble. Put it in a password manager or somewhere else you won’t lose it. Just make sure it’s not easily accessible for someone who might need it to get into your Keychain.
4. Activate Find My iPhone / iPad / Mac
If someone gets a hold of your device, it’s going to be much easier to get access to anything in your iCloud account. Fortunately, Apple lets you lock your device with a custom four-digit code and display a message on the screen in addition to tracking the location so you can go get it. You can even remotely erase your device if you’re not confident you can get it back.
From System Preferences on your Mac or Settings on your iPhone or iPad, go to iCloud and makes sure Find My iPhone (or Mac or iPad) is turned on. You can also enable Send Last Location to share the location of the device when the battery is critically low so you can see where it’s been even if it runs out of battery.
If you lose your device, just sign into iCloud.com and use the Find My iPhone app. It’ll show you the location of your devices on a map. Click the i button on the display and Find my iPhone will give you the option to play a sound to help you find a lost device, engage Lost Mode and lock the screen, or erase the device.
Don’t Be Lazy: Secure iCloud Right Now
iCloud stores a lot of really important information, especially if you backup your devices or store iWork documents there. If you keep all of your photos synced to iCloud, you have even more sensitive information there. And if you allow iCloud to sync your Keychain (which you should, for convenience’s sake), you have some really important stuff there. It’s not a cause for concern, but you should definitely make sure you’re taking the right steps to secure your cloud storage.
It only takes a few minutes, and it could save you a huge headache in the future.
Do you have these features enabled in your own iCloud account? What else might you do to keep it secure? Share your thoughts and tips below!